4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #include "qemu-common.h"
22 #ifdef CONFIG_USER_ONLY
33 #include "qemu-char.h"
38 #define MAX_PACKET_LENGTH 4096
40 #include "qemu_socket.h"
42 /* XXX: these constants may be independent of the host ones even for Unix */
55 typedef struct GDBRegisterState {
61 struct GDBRegisterState *next;
71 typedef struct GDBState {
72 CPUState *c_cpu; /* current CPU for step/continue ops */
73 CPUState *g_cpu; /* current CPU for other ops */
74 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
75 enum RSState state; /* parsing state */
76 char line_buf[MAX_PACKET_LENGTH];
79 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
82 #ifdef CONFIG_USER_ONLY
90 /* By default use no IRQs and no timers while single stepping so as to
91 * make single stepping like an ICE HW step.
93 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
95 static GDBState *gdbserver_state;
97 /* This is an ugly hack to cope with both new and old gdb.
98 If gdb sends qXfer:features:read then assume we're talking to a newish
99 gdb that understands target descriptions. */
100 static int gdb_has_xml;
102 #ifdef CONFIG_USER_ONLY
103 /* XXX: This is not thread safe. Do we care? */
104 static int gdbserver_fd = -1;
106 static int get_char(GDBState *s)
112 ret = recv(s->fd, &ch, 1, 0);
114 if (errno == ECONNRESET)
116 if (errno != EINTR && errno != EAGAIN)
118 } else if (ret == 0) {
130 static gdb_syscall_complete_cb gdb_current_syscall_cb;
138 /* If gdb is connected when the first semihosting syscall occurs then use
139 remote gdb syscalls. Otherwise use native file IO. */
140 int use_gdb_syscalls(void)
142 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
143 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
146 return gdb_syscall_mode == GDB_SYS_ENABLED;
149 /* Resume execution. */
150 static inline void gdb_continue(GDBState *s)
152 #ifdef CONFIG_USER_ONLY
153 s->running_state = 1;
159 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
161 #ifdef CONFIG_USER_ONLY
165 ret = send(s->fd, buf, len, 0);
167 if (errno != EINTR && errno != EAGAIN)
175 qemu_chr_write(s->chr, buf, len);
179 static inline int fromhex(int v)
181 if (v >= '0' && v <= '9')
183 else if (v >= 'A' && v <= 'F')
185 else if (v >= 'a' && v <= 'f')
191 static inline int tohex(int v)
199 static void memtohex(char *buf, const uint8_t *mem, int len)
204 for(i = 0; i < len; i++) {
206 *q++ = tohex(c >> 4);
207 *q++ = tohex(c & 0xf);
212 static void hextomem(uint8_t *mem, const char *buf, int len)
216 for(i = 0; i < len; i++) {
217 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
222 /* return -1 if error, 0 if OK */
223 static int put_packet_binary(GDBState *s, const char *buf, int len)
234 for(i = 0; i < len; i++) {
238 *(p++) = tohex((csum >> 4) & 0xf);
239 *(p++) = tohex((csum) & 0xf);
241 s->last_packet_len = p - s->last_packet;
242 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
244 #ifdef CONFIG_USER_ONLY
257 /* return -1 if error, 0 if OK */
258 static int put_packet(GDBState *s, const char *buf)
261 printf("reply='%s'\n", buf);
264 return put_packet_binary(s, buf, strlen(buf));
267 /* The GDB remote protocol transfers values in target byte order. This means
268 we can use the raw memory access routines to access the value buffer.
269 Conveniently, these also handle the case where the buffer is mis-aligned.
271 #define GET_REG8(val) do { \
272 stb_p(mem_buf, val); \
275 #define GET_REG16(val) do { \
276 stw_p(mem_buf, val); \
279 #define GET_REG32(val) do { \
280 stl_p(mem_buf, val); \
283 #define GET_REG64(val) do { \
284 stq_p(mem_buf, val); \
288 #if TARGET_LONG_BITS == 64
289 #define GET_REGL(val) GET_REG64(val)
290 #define ldtul_p(addr) ldq_p(addr)
292 #define GET_REGL(val) GET_REG32(val)
293 #define ldtul_p(addr) ldl_p(addr)
296 #if defined(TARGET_I386)
299 static const int gpr_map[16] = {
300 R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
301 8, 9, 10, 11, 12, 13, 14, 15
304 static const int gpr_map[8] = {0, 1, 2, 3, 4, 5, 6, 7};
307 #define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
309 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
311 if (n < CPU_NB_REGS) {
312 GET_REGL(env->regs[gpr_map[n]]);
313 } else if (n >= CPU_NB_REGS + 8 && n < CPU_NB_REGS + 16) {
314 /* FIXME: byteswap float values. */
315 #ifdef USE_X86LDOUBLE
316 memcpy(mem_buf, &env->fpregs[n - (CPU_NB_REGS + 8)], 10);
318 memset(mem_buf, 0, 10);
321 } else if (n >= CPU_NB_REGS + 24) {
322 n -= CPU_NB_REGS + 24;
323 if (n < CPU_NB_REGS) {
324 stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
325 stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
327 } else if (n == CPU_NB_REGS) {
328 GET_REG32(env->mxcsr);
333 case 0: GET_REGL(env->eip);
334 case 1: GET_REG32(env->eflags);
335 case 2: GET_REG32(env->segs[R_CS].selector);
336 case 3: GET_REG32(env->segs[R_SS].selector);
337 case 4: GET_REG32(env->segs[R_DS].selector);
338 case 5: GET_REG32(env->segs[R_ES].selector);
339 case 6: GET_REG32(env->segs[R_FS].selector);
340 case 7: GET_REG32(env->segs[R_GS].selector);
341 /* 8...15 x87 regs. */
342 case 16: GET_REG32(env->fpuc);
343 case 17: GET_REG32((env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11);
344 case 18: GET_REG32(0); /* ftag */
345 case 19: GET_REG32(0); /* fiseg */
346 case 20: GET_REG32(0); /* fioff */
347 case 21: GET_REG32(0); /* foseg */
348 case 22: GET_REG32(0); /* fooff */
349 case 23: GET_REG32(0); /* fop */
356 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int i)
360 if (i < CPU_NB_REGS) {
361 env->regs[gpr_map[i]] = ldtul_p(mem_buf);
362 return sizeof(target_ulong);
363 } else if (i >= CPU_NB_REGS + 8 && i < CPU_NB_REGS + 16) {
364 i -= CPU_NB_REGS + 8;
365 #ifdef USE_X86LDOUBLE
366 memcpy(&env->fpregs[i], mem_buf, 10);
369 } else if (i >= CPU_NB_REGS + 24) {
370 i -= CPU_NB_REGS + 24;
371 if (i < CPU_NB_REGS) {
372 env->xmm_regs[i].XMM_Q(0) = ldq_p(mem_buf);
373 env->xmm_regs[i].XMM_Q(1) = ldq_p(mem_buf + 8);
375 } else if (i == CPU_NB_REGS) {
376 env->mxcsr = ldl_p(mem_buf);
382 case 0: env->eip = ldtul_p(mem_buf); return sizeof(target_ulong);
383 case 1: env->eflags = ldl_p(mem_buf); return 4;
384 #if defined(CONFIG_USER_ONLY)
385 #define LOAD_SEG(index, sreg)\
386 tmp = ldl_p(mem_buf);\
387 if (tmp != env->segs[sreg].selector)\
388 cpu_x86_load_seg(env, sreg, tmp);
390 /* FIXME: Honor segment registers. Needs to avoid raising an exception
391 when the selector is invalid. */
392 #define LOAD_SEG(index, sreg) do {} while(0)
394 case 2: LOAD_SEG(10, R_CS); return 4;
395 case 3: LOAD_SEG(11, R_SS); return 4;
396 case 4: LOAD_SEG(12, R_DS); return 4;
397 case 5: LOAD_SEG(13, R_ES); return 4;
398 case 6: LOAD_SEG(14, R_FS); return 4;
399 case 7: LOAD_SEG(15, R_GS); return 4;
400 /* 8...15 x87 regs. */
401 case 16: env->fpuc = ldl_p(mem_buf); return 4;
403 tmp = ldl_p(mem_buf);
404 env->fpstt = (tmp >> 11) & 7;
405 env->fpus = tmp & ~0x3800;
407 case 18: /* ftag */ return 4;
408 case 19: /* fiseg */ return 4;
409 case 20: /* fioff */ return 4;
410 case 21: /* foseg */ return 4;
411 case 22: /* fooff */ return 4;
412 case 23: /* fop */ return 4;
416 /* Unrecognised register. */
420 #elif defined (TARGET_PPC)
422 #define NUM_CORE_REGS 71
424 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
428 GET_REGL(env->gpr[n]);
431 stfq_p(mem_buf, env->fpr[n-32]);
435 case 64: GET_REGL(env->nip);
436 case 65: GET_REGL(env->msr);
441 for (i = 0; i < 8; i++)
442 cr |= env->crf[i] << (32 - ((i + 1) * 4));
445 case 67: GET_REGL(env->lr);
446 case 68: GET_REGL(env->ctr);
447 case 69: GET_REGL(env->xer);
448 case 70: GET_REG32(0); /* fpscr */
454 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
458 env->gpr[n] = ldtul_p(mem_buf);
459 return sizeof(target_ulong);
462 env->fpr[n-32] = ldfq_p(mem_buf);
467 env->nip = ldtul_p(mem_buf);
468 return sizeof(target_ulong);
470 ppc_store_msr(env, ldtul_p(mem_buf));
471 return sizeof(target_ulong);
474 uint32_t cr = ldl_p(mem_buf);
476 for (i = 0; i < 8; i++)
477 env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
481 env->lr = ldtul_p(mem_buf);
482 return sizeof(target_ulong);
484 env->ctr = ldtul_p(mem_buf);
485 return sizeof(target_ulong);
487 env->xer = ldtul_p(mem_buf);
488 return sizeof(target_ulong);
497 #elif defined (TARGET_SPARC)
499 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
500 #define NUM_CORE_REGS 86
502 #define NUM_CORE_REGS 73
506 #define GET_REGA(val) GET_REG32(val)
508 #define GET_REGA(val) GET_REGL(val)
511 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
515 GET_REGA(env->gregs[n]);
518 /* register window */
519 GET_REGA(env->regwptr[n - 8]);
521 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
524 GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
526 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
528 case 64: GET_REGA(env->y);
529 case 65: GET_REGA(GET_PSR(env));
530 case 66: GET_REGA(env->wim);
531 case 67: GET_REGA(env->tbr);
532 case 68: GET_REGA(env->pc);
533 case 69: GET_REGA(env->npc);
534 case 70: GET_REGA(env->fsr);
535 case 71: GET_REGA(0); /* csr */
536 case 72: GET_REGA(0);
541 GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
544 /* f32-f62 (double width, even numbers only) */
547 val = (uint64_t)*((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) << 32;
548 val |= *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]);
552 case 80: GET_REGL(env->pc);
553 case 81: GET_REGL(env->npc);
554 case 82: GET_REGL(((uint64_t)GET_CCR(env) << 32) |
555 ((env->asi & 0xff) << 24) |
556 ((env->pstate & 0xfff) << 8) |
558 case 83: GET_REGL(env->fsr);
559 case 84: GET_REGL(env->fprs);
560 case 85: GET_REGL(env->y);
566 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
568 #if defined(TARGET_ABI32)
571 tmp = ldl_p(mem_buf);
575 tmp = ldtul_p(mem_buf);
582 /* register window */
583 env->regwptr[n - 8] = tmp;
585 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
588 *((uint32_t *)&env->fpr[n - 32]) = tmp;
590 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
592 case 64: env->y = tmp; break;
593 case 65: PUT_PSR(env, tmp); break;
594 case 66: env->wim = tmp; break;
595 case 67: env->tbr = tmp; break;
596 case 68: env->pc = tmp; break;
597 case 69: env->npc = tmp; break;
598 case 70: env->fsr = tmp; break;
606 env->fpr[n] = ldfl_p(mem_buf);
609 /* f32-f62 (double width, even numbers only) */
610 *((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) = tmp >> 32;
611 *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]) = tmp;
614 case 80: env->pc = tmp; break;
615 case 81: env->npc = tmp; break;
617 PUT_CCR(env, tmp >> 32);
618 env->asi = (tmp >> 24) & 0xff;
619 env->pstate = (tmp >> 8) & 0xfff;
620 PUT_CWP64(env, tmp & 0xff);
622 case 83: env->fsr = tmp; break;
623 case 84: env->fprs = tmp; break;
624 case 85: env->y = tmp; break;
631 #elif defined (TARGET_ARM)
633 /* Old gdb always expect FPA registers. Newer (xml-aware) gdb only expect
634 whatever the target description contains. Due to a historical mishap
635 the FPA registers appear in between core integer regs and the CPSR.
636 We hack round this by giving the FPA regs zero size when talking to a
638 #define NUM_CORE_REGS 26
639 #define GDB_CORE_XML "arm-core.xml"
641 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
644 /* Core integer register. */
645 GET_REG32(env->regs[n]);
651 memset(mem_buf, 0, 12);
656 /* FPA status register. */
662 GET_REG32(cpsr_read(env));
664 /* Unknown register. */
668 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
672 tmp = ldl_p(mem_buf);
674 /* Mask out low bit of PC to workaround gdb bugs. This will probably
675 cause problems if we ever implement the Jazelle DBX extensions. */
680 /* Core integer register. */
684 if (n < 24) { /* 16-23 */
685 /* FPA registers (ignored). */
692 /* FPA status register (ignored). */
698 cpsr_write (env, tmp, 0xffffffff);
701 /* Unknown register. */
705 #elif defined (TARGET_M68K)
707 #define NUM_CORE_REGS 18
709 #define GDB_CORE_XML "cf-core.xml"
711 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
715 GET_REG32(env->dregs[n]);
718 GET_REG32(env->aregs[n - 8]);
721 case 16: GET_REG32(env->sr);
722 case 17: GET_REG32(env->pc);
725 /* FP registers not included here because they vary between
726 ColdFire and m68k. Use XML bits for these. */
730 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
734 tmp = ldl_p(mem_buf);
741 env->aregs[n - 8] = tmp;
744 case 16: env->sr = tmp; break;
745 case 17: env->pc = tmp; break;
751 #elif defined (TARGET_MIPS)
753 #define NUM_CORE_REGS 73
755 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
758 GET_REGL(env->active_tc.gpr[n]);
760 if (env->CP0_Config1 & (1 << CP0C1_FP)) {
761 if (n >= 38 && n < 70) {
762 if (env->CP0_Status & (1 << CP0St_FR))
763 GET_REGL(env->active_fpu.fpr[n - 38].d);
765 GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
768 case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
769 case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
773 case 32: GET_REGL((int32_t)env->CP0_Status);
774 case 33: GET_REGL(env->active_tc.LO[0]);
775 case 34: GET_REGL(env->active_tc.HI[0]);
776 case 35: GET_REGL(env->CP0_BadVAddr);
777 case 36: GET_REGL((int32_t)env->CP0_Cause);
778 case 37: GET_REGL(env->active_tc.PC);
779 case 72: GET_REGL(0); /* fp */
780 case 89: GET_REGL((int32_t)env->CP0_PRid);
782 if (n >= 73 && n <= 88) {
783 /* 16 embedded regs. */
790 /* convert MIPS rounding mode in FCR31 to IEEE library */
791 static unsigned int ieee_rm[] =
793 float_round_nearest_even,
798 #define RESTORE_ROUNDING_MODE \
799 set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
801 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
805 tmp = ldtul_p(mem_buf);
808 env->active_tc.gpr[n] = tmp;
809 return sizeof(target_ulong);
811 if (env->CP0_Config1 & (1 << CP0C1_FP)
812 && n >= 38 && n < 73) {
814 if (env->CP0_Status & (1 << CP0St_FR))
815 env->active_fpu.fpr[n - 38].d = tmp;
817 env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
821 env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
822 /* set rounding mode */
823 RESTORE_ROUNDING_MODE;
824 #ifndef CONFIG_SOFTFLOAT
825 /* no floating point exception for native float */
826 SET_FP_ENABLE(env->active_fpu.fcr31, 0);
829 case 71: env->active_fpu.fcr0 = tmp; break;
831 return sizeof(target_ulong);
834 case 32: env->CP0_Status = tmp; break;
835 case 33: env->active_tc.LO[0] = tmp; break;
836 case 34: env->active_tc.HI[0] = tmp; break;
837 case 35: env->CP0_BadVAddr = tmp; break;
838 case 36: env->CP0_Cause = tmp; break;
839 case 37: env->active_tc.PC = tmp; break;
840 case 72: /* fp, ignored */ break;
844 /* Other registers are readonly. Ignore writes. */
848 return sizeof(target_ulong);
850 #elif defined (TARGET_SH4)
852 /* Hint: Use "set architecture sh4" in GDB to see fpu registers */
853 /* FIXME: We should use XML for this. */
855 #define NUM_CORE_REGS 59
857 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
860 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
861 GET_REGL(env->gregs[n + 16]);
863 GET_REGL(env->gregs[n]);
866 GET_REGL(env->gregs[n - 8]);
867 } else if (n >= 25 && n < 41) {
868 GET_REGL(env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
869 } else if (n >= 43 && n < 51) {
870 GET_REGL(env->gregs[n - 43]);
871 } else if (n >= 51 && n < 59) {
872 GET_REGL(env->gregs[n - (51 - 16)]);
875 case 16: GET_REGL(env->pc);
876 case 17: GET_REGL(env->pr);
877 case 18: GET_REGL(env->gbr);
878 case 19: GET_REGL(env->vbr);
879 case 20: GET_REGL(env->mach);
880 case 21: GET_REGL(env->macl);
881 case 22: GET_REGL(env->sr);
882 case 23: GET_REGL(env->fpul);
883 case 24: GET_REGL(env->fpscr);
884 case 41: GET_REGL(env->ssr);
885 case 42: GET_REGL(env->spc);
891 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
895 tmp = ldl_p(mem_buf);
898 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
899 env->gregs[n + 16] = tmp;
905 env->gregs[n - 8] = tmp;
907 } else if (n >= 25 && n < 41) {
908 env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)] = tmp;
909 } else if (n >= 43 && n < 51) {
910 env->gregs[n - 43] = tmp;
912 } else if (n >= 51 && n < 59) {
913 env->gregs[n - (51 - 16)] = tmp;
917 case 16: env->pc = tmp;
918 case 17: env->pr = tmp;
919 case 18: env->gbr = tmp;
920 case 19: env->vbr = tmp;
921 case 20: env->mach = tmp;
922 case 21: env->macl = tmp;
923 case 22: env->sr = tmp;
924 case 23: env->fpul = tmp;
925 case 24: env->fpscr = tmp;
926 case 41: env->ssr = tmp;
927 case 42: env->spc = tmp;
933 #elif defined (TARGET_CRIS)
935 #define NUM_CORE_REGS 49
937 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
941 srs = env->pregs[PR_SRS];
943 GET_REG32(env->regs[n]);
946 if (n >= 21 && n < 32) {
947 GET_REG32(env->pregs[n - 16]);
949 if (n >= 33 && n < 49) {
950 GET_REG32(env->sregs[srs][n - 33]);
953 case 16: GET_REG8(env->pregs[0]);
954 case 17: GET_REG8(env->pregs[1]);
955 case 18: GET_REG32(env->pregs[2]);
956 case 19: GET_REG8(srs);
957 case 20: GET_REG16(env->pregs[4]);
958 case 32: GET_REG32(env->pc);
964 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
971 tmp = ldl_p(mem_buf);
977 if (n >= 21 && n < 32) {
978 env->pregs[n - 16] = tmp;
981 /* FIXME: Should support function regs be writable? */
985 case 18: env->pregs[PR_PID] = tmp; break;
988 case 32: env->pc = tmp; break;
995 #define NUM_CORE_REGS 0
997 static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1002 static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1009 static int num_g_regs = NUM_CORE_REGS;
1012 /* Encode data using the encoding for 'x' packets. */
1013 static int memtox(char *buf, const char *mem, int len)
1021 case '#': case '$': case '*': case '}':
1033 const char *get_feature_xml(const char *p, const char **newp)
1035 extern const char *const xml_builtin[][2];
1039 static char target_xml[1024];
1042 while (p[len] && p[len] != ':')
1047 if (strncmp(p, "target.xml", len) == 0) {
1048 /* Generate the XML description for this CPU. */
1049 if (!target_xml[0]) {
1050 GDBRegisterState *r;
1052 snprintf(target_xml, sizeof(target_xml),
1053 "<?xml version=\"1.0\"?>"
1054 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1056 "<xi:include href=\"%s\"/>",
1059 for (r = first_cpu->gdb_regs; r; r = r->next) {
1060 strcat(target_xml, "<xi:include href=\"");
1061 strcat(target_xml, r->xml);
1062 strcat(target_xml, "\"/>");
1064 strcat(target_xml, "</target>");
1068 for (i = 0; ; i++) {
1069 name = xml_builtin[i][0];
1070 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1073 return name ? xml_builtin[i][1] : NULL;
1077 static int gdb_read_register(CPUState *env, uint8_t *mem_buf, int reg)
1079 GDBRegisterState *r;
1081 if (reg < NUM_CORE_REGS)
1082 return cpu_gdb_read_register(env, mem_buf, reg);
1084 for (r = env->gdb_regs; r; r = r->next) {
1085 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1086 return r->get_reg(env, mem_buf, reg - r->base_reg);
1092 static int gdb_write_register(CPUState *env, uint8_t *mem_buf, int reg)
1094 GDBRegisterState *r;
1096 if (reg < NUM_CORE_REGS)
1097 return cpu_gdb_write_register(env, mem_buf, reg);
1099 for (r = env->gdb_regs; r; r = r->next) {
1100 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1101 return r->set_reg(env, mem_buf, reg - r->base_reg);
1107 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1108 specifies the first register number and these registers are included in
1109 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1110 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1113 void gdb_register_coprocessor(CPUState * env,
1114 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1115 int num_regs, const char *xml, int g_pos)
1117 GDBRegisterState *s;
1118 GDBRegisterState **p;
1119 static int last_reg = NUM_CORE_REGS;
1121 s = (GDBRegisterState *)qemu_mallocz(sizeof(GDBRegisterState));
1122 s->base_reg = last_reg;
1123 s->num_regs = num_regs;
1124 s->get_reg = get_reg;
1125 s->set_reg = set_reg;
1129 /* Check for duplicates. */
1130 if (strcmp((*p)->xml, xml) == 0)
1134 /* Add to end of list. */
1135 last_reg += num_regs;
1138 if (g_pos != s->base_reg) {
1139 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1140 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1142 num_g_regs = last_reg;
1147 /* GDB breakpoint/watchpoint types */
1148 #define GDB_BREAKPOINT_SW 0
1149 #define GDB_BREAKPOINT_HW 1
1150 #define GDB_WATCHPOINT_WRITE 2
1151 #define GDB_WATCHPOINT_READ 3
1152 #define GDB_WATCHPOINT_ACCESS 4
1154 #ifndef CONFIG_USER_ONLY
1155 static const int xlat_gdb_type[] = {
1156 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1157 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1158 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1162 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1168 case GDB_BREAKPOINT_SW:
1169 case GDB_BREAKPOINT_HW:
1170 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1171 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1176 #ifndef CONFIG_USER_ONLY
1177 case GDB_WATCHPOINT_WRITE:
1178 case GDB_WATCHPOINT_READ:
1179 case GDB_WATCHPOINT_ACCESS:
1180 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1181 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1193 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1199 case GDB_BREAKPOINT_SW:
1200 case GDB_BREAKPOINT_HW:
1201 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1202 err = cpu_breakpoint_remove(env, addr, BP_GDB);
1207 #ifndef CONFIG_USER_ONLY
1208 case GDB_WATCHPOINT_WRITE:
1209 case GDB_WATCHPOINT_READ:
1210 case GDB_WATCHPOINT_ACCESS:
1211 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1212 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1223 static void gdb_breakpoint_remove_all(void)
1227 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1228 cpu_breakpoint_remove_all(env, BP_GDB);
1229 #ifndef CONFIG_USER_ONLY
1230 cpu_watchpoint_remove_all(env, BP_GDB);
1235 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1239 int ch, reg_size, type, res, thread;
1240 char buf[MAX_PACKET_LENGTH];
1241 uint8_t mem_buf[MAX_PACKET_LENGTH];
1243 target_ulong addr, len;
1246 printf("command='%s'\n", line_buf);
1252 /* TODO: Make this return the correct value for user-mode. */
1253 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", SIGTRAP,
1254 s->c_cpu->cpu_index+1);
1256 /* Remove all the breakpoints when this query is issued,
1257 * because gdb is doing and initial connect and the state
1258 * should be cleaned up.
1260 gdb_breakpoint_remove_all();
1264 addr = strtoull(p, (char **)&p, 16);
1265 #if defined(TARGET_I386)
1266 s->c_cpu->eip = addr;
1267 #elif defined (TARGET_PPC)
1268 s->c_cpu->nip = addr;
1269 #elif defined (TARGET_SPARC)
1270 s->c_cpu->pc = addr;
1271 s->c_cpu->npc = addr + 4;
1272 #elif defined (TARGET_ARM)
1273 s->c_cpu->regs[15] = addr;
1274 #elif defined (TARGET_SH4)
1275 s->c_cpu->pc = addr;
1276 #elif defined (TARGET_MIPS)
1277 s->c_cpu->active_tc.PC = addr;
1278 #elif defined (TARGET_CRIS)
1279 s->c_cpu->pc = addr;
1285 s->signal = strtoul(p, (char **)&p, 16);
1289 /* Kill the target */
1290 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1294 gdb_breakpoint_remove_all();
1296 put_packet(s, "OK");
1300 addr = strtoull(p, (char **)&p, 16);
1301 #if defined(TARGET_I386)
1302 s->c_cpu->eip = addr;
1303 #elif defined (TARGET_PPC)
1304 s->c_cpu->nip = addr;
1305 #elif defined (TARGET_SPARC)
1306 s->c_cpu->pc = addr;
1307 s->c_cpu->npc = addr + 4;
1308 #elif defined (TARGET_ARM)
1309 s->c_cpu->regs[15] = addr;
1310 #elif defined (TARGET_SH4)
1311 s->c_cpu->pc = addr;
1312 #elif defined (TARGET_MIPS)
1313 s->c_cpu->active_tc.PC = addr;
1314 #elif defined (TARGET_CRIS)
1315 s->c_cpu->pc = addr;
1318 cpu_single_step(s->c_cpu, sstep_flags);
1326 ret = strtoull(p, (char **)&p, 16);
1329 err = strtoull(p, (char **)&p, 16);
1336 if (gdb_current_syscall_cb)
1337 gdb_current_syscall_cb(s->c_cpu, ret, err);
1339 put_packet(s, "T02");
1347 for (addr = 0; addr < num_g_regs; addr++) {
1348 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1351 memtohex(buf, mem_buf, len);
1355 registers = mem_buf;
1356 len = strlen(p) / 2;
1357 hextomem((uint8_t *)registers, p, len);
1358 for (addr = 0; addr < num_g_regs && len > 0; addr++) {
1359 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1361 registers += reg_size;
1363 put_packet(s, "OK");
1366 addr = strtoull(p, (char **)&p, 16);
1369 len = strtoull(p, NULL, 16);
1370 if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
1371 put_packet (s, "E14");
1373 memtohex(buf, mem_buf, len);
1378 addr = strtoull(p, (char **)&p, 16);
1381 len = strtoull(p, (char **)&p, 16);
1384 hextomem(mem_buf, p, len);
1385 if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0)
1386 put_packet(s, "E14");
1388 put_packet(s, "OK");
1391 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1392 This works, but can be very slow. Anything new enough to
1393 understand XML also knows how to use this properly. */
1395 goto unknown_command;
1396 addr = strtoull(p, (char **)&p, 16);
1397 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1399 memtohex(buf, mem_buf, reg_size);
1402 put_packet(s, "E14");
1407 goto unknown_command;
1408 addr = strtoull(p, (char **)&p, 16);
1411 reg_size = strlen(p) / 2;
1412 hextomem(mem_buf, p, reg_size);
1413 gdb_write_register(s->g_cpu, mem_buf, addr);
1414 put_packet(s, "OK");
1418 type = strtoul(p, (char **)&p, 16);
1421 addr = strtoull(p, (char **)&p, 16);
1424 len = strtoull(p, (char **)&p, 16);
1426 res = gdb_breakpoint_insert(addr, len, type);
1428 res = gdb_breakpoint_remove(addr, len, type);
1430 put_packet(s, "OK");
1431 else if (res == -ENOSYS)
1434 put_packet(s, "E22");
1438 thread = strtoull(p, (char **)&p, 16);
1439 if (thread == -1 || thread == 0) {
1440 put_packet(s, "OK");
1443 for (env = first_cpu; env != NULL; env = env->next_cpu)
1444 if (env->cpu_index + 1 == thread)
1447 put_packet(s, "E22");
1453 put_packet(s, "OK");
1457 put_packet(s, "OK");
1460 put_packet(s, "E22");
1465 thread = strtoull(p, (char **)&p, 16);
1466 #ifndef CONFIG_USER_ONLY
1467 if (thread > 0 && thread < smp_cpus + 1)
1471 put_packet(s, "OK");
1473 put_packet(s, "E22");
1477 /* parse any 'q' packets here */
1478 if (!strcmp(p,"qemu.sstepbits")) {
1479 /* Query Breakpoint bit definitions */
1480 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1486 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1487 /* Display or change the sstep_flags */
1490 /* Display current setting */
1491 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1496 type = strtoul(p, (char **)&p, 16);
1498 put_packet(s, "OK");
1500 } else if (strcmp(p,"C") == 0) {
1501 /* "Current thread" remains vague in the spec, so always return
1502 * the first CPU (gdb returns the first thread). */
1503 put_packet(s, "QC1");
1505 } else if (strcmp(p,"fThreadInfo") == 0) {
1506 s->query_cpu = first_cpu;
1507 goto report_cpuinfo;
1508 } else if (strcmp(p,"sThreadInfo") == 0) {
1511 snprintf(buf, sizeof(buf), "m%x", s->query_cpu->cpu_index+1);
1513 s->query_cpu = s->query_cpu->next_cpu;
1517 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1518 thread = strtoull(p+16, (char **)&p, 16);
1519 for (env = first_cpu; env != NULL; env = env->next_cpu)
1520 if (env->cpu_index + 1 == thread) {
1521 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1522 "CPU#%d [%s]", env->cpu_index,
1523 env->halted ? "halted " : "running");
1524 memtohex(buf, mem_buf, len);
1530 #ifdef CONFIG_LINUX_USER
1531 else if (strncmp(p, "Offsets", 7) == 0) {
1532 TaskState *ts = s->c_cpu->opaque;
1534 snprintf(buf, sizeof(buf),
1535 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1536 ";Bss=" TARGET_ABI_FMT_lx,
1537 ts->info->code_offset,
1538 ts->info->data_offset,
1539 ts->info->data_offset);
1544 if (strncmp(p, "Supported", 9) == 0) {
1545 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1547 strcat(buf, ";qXfer:features:read+");
1553 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1555 target_ulong total_len;
1559 xml = get_feature_xml(p, &p);
1561 snprintf(buf, sizeof(buf), "E00");
1568 addr = strtoul(p, (char **)&p, 16);
1571 len = strtoul(p, (char **)&p, 16);
1573 total_len = strlen(xml);
1574 if (addr > total_len) {
1575 snprintf(buf, sizeof(buf), "E00");
1579 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1580 len = (MAX_PACKET_LENGTH - 5) / 2;
1581 if (len < total_len - addr) {
1583 len = memtox(buf + 1, xml + addr, len);
1586 len = memtox(buf + 1, xml + addr, total_len - addr);
1588 put_packet_binary(s, buf, len + 1);
1592 /* Unrecognised 'q' command. */
1593 goto unknown_command;
1597 /* put empty packet */
1605 extern void tb_flush(CPUState *env);
1607 void gdb_set_stop_cpu(CPUState *env)
1609 gdbserver_state->c_cpu = env;
1610 gdbserver_state->g_cpu = env;
1613 #ifndef CONFIG_USER_ONLY
1614 static void gdb_vm_stopped(void *opaque, int reason)
1616 GDBState *s = gdbserver_state;
1617 CPUState *env = s->c_cpu;
1622 if (s->state == RS_SYSCALL)
1625 /* disable single step if it was enable */
1626 cpu_single_step(env, 0);
1628 if (reason == EXCP_DEBUG) {
1629 if (env->watchpoint_hit) {
1630 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1641 snprintf(buf, sizeof(buf),
1642 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1643 SIGTRAP, env->cpu_index+1, type,
1644 env->watchpoint_hit->vaddr);
1646 env->watchpoint_hit = NULL;
1651 } else if (reason == EXCP_INTERRUPT) {
1656 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, env->cpu_index+1);
1661 /* Send a gdb syscall request.
1662 This accepts limited printf-style format specifiers, specifically:
1663 %x - target_ulong argument printed in hex.
1664 %lx - 64-bit argument printed in hex.
1665 %s - string pointer (target_ulong) and length (int) pair. */
1666 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1675 s = gdbserver_state;
1678 gdb_current_syscall_cb = cb;
1679 s->state = RS_SYSCALL;
1680 #ifndef CONFIG_USER_ONLY
1681 vm_stop(EXCP_DEBUG);
1692 addr = va_arg(va, target_ulong);
1693 p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
1696 if (*(fmt++) != 'x')
1698 i64 = va_arg(va, uint64_t);
1699 p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
1702 addr = va_arg(va, target_ulong);
1703 p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
1704 addr, va_arg(va, int));
1708 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1719 #ifdef CONFIG_USER_ONLY
1720 gdb_handlesig(s->c_cpu, 0);
1722 cpu_interrupt(s->c_cpu, CPU_INTERRUPT_EXIT);
1726 static void gdb_read_byte(GDBState *s, int ch)
1731 #ifndef CONFIG_USER_ONLY
1732 if (s->last_packet_len) {
1733 /* Waiting for a response to the last packet. If we see the start
1734 of a new command then abandon the previous response. */
1737 printf("Got NACK, retransmitting\n");
1739 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1743 printf("Got ACK\n");
1745 printf("Got '%c' when expecting ACK/NACK\n", ch);
1747 if (ch == '+' || ch == '$')
1748 s->last_packet_len = 0;
1753 /* when the CPU is running, we cannot do anything except stop
1754 it when receiving a char */
1755 vm_stop(EXCP_INTERRUPT);
1762 s->line_buf_index = 0;
1763 s->state = RS_GETLINE;
1768 s->state = RS_CHKSUM1;
1769 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1772 s->line_buf[s->line_buf_index++] = ch;
1776 s->line_buf[s->line_buf_index] = '\0';
1777 s->line_csum = fromhex(ch) << 4;
1778 s->state = RS_CHKSUM2;
1781 s->line_csum |= fromhex(ch);
1783 for(i = 0; i < s->line_buf_index; i++) {
1784 csum += s->line_buf[i];
1786 if (s->line_csum != (csum & 0xff)) {
1788 put_buffer(s, &reply, 1);
1792 put_buffer(s, &reply, 1);
1793 s->state = gdb_handle_packet(s, s->line_buf);
1802 #ifdef CONFIG_USER_ONLY
1804 gdb_handlesig (CPUState *env, int sig)
1810 s = gdbserver_state;
1811 if (gdbserver_fd < 0 || s->fd < 0)
1814 /* disable single step if it was enabled */
1815 cpu_single_step(env, 0);
1820 snprintf(buf, sizeof(buf), "S%02x", sig);
1823 /* put_packet() might have detected that the peer terminated the
1830 s->running_state = 0;
1831 while (s->running_state == 0) {
1832 n = read (s->fd, buf, 256);
1837 for (i = 0; i < n; i++)
1838 gdb_read_byte (s, buf[i]);
1840 else if (n == 0 || errno != EAGAIN)
1842 /* XXX: Connection closed. Should probably wait for annother
1843 connection before continuing. */
1852 /* Tell the remote gdb that the process has exited. */
1853 void gdb_exit(CPUState *env, int code)
1858 s = gdbserver_state;
1859 if (gdbserver_fd < 0 || s->fd < 0)
1862 snprintf(buf, sizeof(buf), "W%02x", code);
1867 static void gdb_accept(void)
1870 struct sockaddr_in sockaddr;
1875 len = sizeof(sockaddr);
1876 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1877 if (fd < 0 && errno != EINTR) {
1880 } else if (fd >= 0) {
1885 /* set short latency */
1887 setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val, sizeof(val));
1889 s = qemu_mallocz(sizeof(GDBState));
1896 memset (s, 0, sizeof (GDBState));
1897 s->c_cpu = first_cpu;
1898 s->g_cpu = first_cpu;
1902 gdbserver_state = s;
1904 fcntl(fd, F_SETFL, O_NONBLOCK);
1907 static int gdbserver_open(int port)
1909 struct sockaddr_in sockaddr;
1912 fd = socket(PF_INET, SOCK_STREAM, 0);
1918 /* allow fast reuse */
1920 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
1922 sockaddr.sin_family = AF_INET;
1923 sockaddr.sin_port = htons(port);
1924 sockaddr.sin_addr.s_addr = 0;
1925 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1930 ret = listen(fd, 0);
1938 int gdbserver_start(int port)
1940 gdbserver_fd = gdbserver_open(port);
1941 if (gdbserver_fd < 0)
1943 /* accept connections */
1948 static int gdb_chr_can_receive(void *opaque)
1950 /* We can handle an arbitrarily large amount of data.
1951 Pick the maximum packet size, which is as good as anything. */
1952 return MAX_PACKET_LENGTH;
1955 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1959 for (i = 0; i < size; i++) {
1960 gdb_read_byte(gdbserver_state, buf[i]);
1964 static void gdb_chr_event(void *opaque, int event)
1967 case CHR_EVENT_RESET:
1968 vm_stop(EXCP_INTERRUPT);
1976 int gdbserver_start(const char *port)
1979 char gdbstub_port_name[128];
1982 CharDriverState *chr;
1984 if (!port || !*port)
1987 port_num = strtol(port, &p, 10);
1989 /* A numeric value is interpreted as a port number. */
1990 snprintf(gdbstub_port_name, sizeof(gdbstub_port_name),
1991 "tcp::%d,nowait,nodelay,server", port_num);
1992 port = gdbstub_port_name;
1995 chr = qemu_chr_open("gdb", port);
1999 s = qemu_mallocz(sizeof(GDBState));
2003 s->c_cpu = first_cpu;
2004 s->g_cpu = first_cpu;
2006 gdbserver_state = s;
2007 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2008 gdb_chr_event, NULL);
2009 qemu_add_vm_stop_handler(gdb_vm_stopped, NULL);
projects / qemu / blob